November 3, 2024

How to Change the SSH Port in Ubuntu Linux

mr rockstar

How to Change the SSH Port in Ubuntu Linux
Cheap Dedicated Server

Changing the default SSH port on Ubuntu is a common security measure. By default, SSH runs on port 22, which is known to attackers. Changing it to a custom port can reduce the risk of automated attacks. Here’s a step-by-step guide to changing your SSH port in Ubuntu.

Step 1: Update the System

Before making any configuration changes, ensure your system packages are up-to-date:

 
sudo apt update && sudo apt upgrade -y

Updating helps avoid issues with package dependencies and improves security.

Step 2: Choose a New Port

When choosing a new port, pick a number between 1025 and 65535 (the higher range is less commonly used by other applications). Avoid ports used by other popular services, like 80 (HTTP) or 443 (HTTPS).

For this example, let’s change the SSH port to 2222.

Step 3: Update the SSH Configuration

Edit the SSH configuration file using your preferred text editor:
Edit the SSH configuration file

 
sudo nano /etc/ssh/sshd_config

Look for the line that reads:
Look for the line that reads

 
#Port 22

Uncomment this line by removing the # and change the port number from 22 to your chosen port (e.g., 2222):
Uncomment this line by removing the #

 
Port 2222

Save and close the file (in nano, you can do this by pressing Ctrl + X, then Y to confirm).

Step 4: Allow the New SSH Port in the Firewall

To prevent locking yourself out, update your firewall rules to allow the new SSH port. Assuming you’re using ufw (Uncomplicated Firewall), add the new port:
Allow the New SSH Port in the Firewall

 
sudo ufw allow 2222/tcp

If SSH was previously allowed, you may also want to remove the rule for port 22:
If SSH was previously allowed

 
sudo ufw delete allow 22/tcp

Then, reload ufw to apply the changes:

Then, reload ufw to apply the changes

 
sudo ufw reload

Step 5: Restart the SSH Service

After updating the configuration file and firewall rules, restart the SSH service for the changes to take effect:
Restart the SSH Service

 
sudo systemctl restart ssh

Alternatively, if systemctl is unavailable:

 
sudo service ssh restart

Step 6: Verify the New SSH Port

To ensure SSH is listening on the new port, use:

 
sudo ss -lnpt | grep sshd

This command will display active network connections, confirming the SSH service listens on your new port.

Step 7: Test the New SSH Port

Before closing your current SSH session, try connecting to the server using the new port from a different terminal or system:

Test the New SSH Port

 
ssh -p 2222 username@your_server_ip

If the connection is successful, the port change was correctly applied.

Additional Tips

  • Disable Root Login: To add another layer of security, consider disabling SSH login for the root user by setting PermitRootLogin no in the same configuration file.
  • Use SSH Keys: For even stronger security, use SSH key authentication instead of passwords.

Conclusion

Changing the SSH port on Ubuntu is a straightforward yet effective way to reduce unwanted login attempts. By following these steps, you improve your server’s security with minimal effort. Remember to document the new port number to avoid accidental lockouts and always follow best practices like using SSH keys for authentication.

Change the SSH Port in Ubuntu Linux (F.A.Q)

 

Why should I change the SSH port?

Changing the default SSH port helps reduce the risk of automated attacks by making your server less visible to attackers who scan for the default port (22).

What port range should I choose for SSH?

Choose a port between 1025 and 65535 to avoid conflicts with well-known services. Higher port numbers are generally safer and less likely to be used by other applications.

 

How do I connect using the new SSH port?

Specify the new port with the -p option in your SSH command. For example:

ssh -p 2222 username@your_server_ip

 

Can changing the port break my SSH connection?

Yes, if the firewall or SSH service configuration isn’t updated correctly. Test the new port before closing any active SSH session to avoid getting locked out.

Popular Blog Posts